mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-22 19:28:41 +00:00
fix: search box position and security change
This commit changes the search box up the paginator, and fixes a security problem. ATTENTION! The version which has search box MUST update to the newest version IMMEDIATELY, the old version did not process the escape of the string, may cause SQL injection problems.
This commit is contained in:
parent
4fd63e8070
commit
b77834a182
@ -56,7 +56,6 @@ EOD;
|
|||||||
$cond = array();
|
$cond = array();
|
||||||
|
|
||||||
$search_tag = null;
|
$search_tag = null;
|
||||||
$search_word = $_GET["search"];
|
|
||||||
|
|
||||||
$cur_tab = isset($_GET['tab']) ? $_GET['tab'] : 'all';
|
$cur_tab = isset($_GET['tab']) ? $_GET['tab'] : 'all';
|
||||||
if ($cur_tab == 'template') {
|
if ($cur_tab == 'template') {
|
||||||
@ -68,8 +67,8 @@ EOD;
|
|||||||
if ($search_tag) {
|
if ($search_tag) {
|
||||||
$cond[] = "'".DB::escape($search_tag)."' in (select tag from problems_tags where problems_tags.problem_id = problems.id)";
|
$cond[] = "'".DB::escape($search_tag)."' in (select tag from problems_tags where problems_tags.problem_id = problems.id)";
|
||||||
}
|
}
|
||||||
if($search_word) {
|
if (isset($_GET["search"])) {
|
||||||
$cond[]="title like '%".$search_word."%' or id like '%".$search_word."%'";
|
$cond[]="title like '%".DB::escape($_GET["search"])."%' or id like '%".DB::escape($_GET["search"])."%'";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($cond) {
|
if ($cond) {
|
||||||
@ -136,7 +135,12 @@ EOD;
|
|||||||
<?= HTML::tablist($tabs_info, $cur_tab, 'nav-pills') ?>
|
<?= HTML::tablist($tabs_info, $cur_tab, 'nav-pills') ?>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
<?php echo $pag->pagination(); ?>
|
<form id="form-search" class="input-group form-group" method="get">
|
||||||
|
<input type="text" class="form-control" name="search" placeholder="<?= UOJLocale::get('search')?>" />
|
||||||
|
<span class="input-group-btn">
|
||||||
|
<button type="submit" class="btn btn-search btn-primary" id="submit-search"><span class="glyphicon glyphicon-search"></span></button>
|
||||||
|
</span>
|
||||||
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm-4 checkbox text-right">
|
<div class="col-sm-4 checkbox text-right">
|
||||||
<label class="checkbox-inline" for="input-show_tags_mode">
|
<label class="checkbox-inline" for="input-show_tags_mode">
|
||||||
@ -149,12 +153,7 @@ EOD;
|
|||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-xs-10 col-xs-push-1 col-sm-6 col-sm-push-3 input-group">
|
<div class="col-xs-10 col-xs-push-1 col-sm-6 col-sm-push-3 input-group">
|
||||||
<form id="form-search" class="input-group form-group" method="get">
|
<?php echo $pag->pagination(); ?>
|
||||||
<input type="text" class="form-control" name="search" placeholder="<?= UOJLocale::get('search')?>" />
|
|
||||||
<span class="input-group-btn">
|
|
||||||
<button type="submit" class="btn btn-search btn-primary" id="submit-search"><span class="glyphicon glyphicon-search"></span></button>
|
|
||||||
</span>
|
|
||||||
</form>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="top-buffer-sm"></div>
|
<div class="top-buffer-sm"></div>
|
||||||
|
Loading…
Reference in New Issue
Block a user